447 matches found
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...
CVE-2024-23111
CVE-2024-23111 is an XSS vulnerability in FortiOS (7.4.3 and older; 7.2 and 7.0 all versions) and FortiProxy (7.4.2 and older; 7.2 and 7.0 all versions) where the reboot page improperly neutralizes input, allowing a remote attacker with super-admin access to run JavaScript via crafted HTTP GET re...
PT-2024-4152 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.4 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiOS version 6.4 and earlier FortiProxy versions prior to 7.4.3 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier FortiProx...
Fortinet Fortigate xss (FG-IR-23-471)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-471 advisory. - An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS versi...
PT-2024-4153 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.3 FortiOS version 7.2 and earlier FortiOS version 7.0 and earlier FortiProxy versions prior to 7.4.2 FortiProxy version 7.2 and earlier FortiProxy version 7.0 and earlier Description: The issue is related to an...
Fortinet Fortigate Weak key derivation for backup file (FG-IR-23-423)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-423 advisory. - A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and...
CVE-2024-29023
CVE-2024-29023 affects Xibo CMS: session tokens are exposed in the session-search API response, enabling potential session hijacking when users have access to the sessions page. Affected software is Xibo: upgrades are recommended to close the issue. Remediation per sources: Upgrade to Xibo 3.3.10...
Cisco Identity Services Engine Server-Side Request Forgery (cisco-sa-ise-ssrf-FtSTh5Oz)
According to its self-reported version, Cisco Identity Services Engine Server-Side Request Forgery is affected by a vulnerability. - A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
CVE-2023-48784
CVE-2023-48784: Fortinet FortiOS contains a use of externally-controlled format string vulnerability (CWE-134) in the CLI that may allow a local privileged attacker with super-admin/CLI access to execute arbitrary code via specially crafted requests. Affected: FortiOS 7.4.1 and below, 7.2.7 and b...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
CVE-2023-48784
A use of externally-controlled format string vulnerability CWE-134 in FortiOS version 7.4.1 and below, version 7.2.7 and below, 7.0 all versions, 6.4 all versions command line interface may allow a local privileged attacker with super-admin profile and CLI access to execute arbitrary code or...
PT-2024-3562 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: FortiOS versions 7.4.1 and below FortiOS versions 7.2.7 and below FortiOS versions 7.0.14 and below FortiOS versions 6.4.15 and below Description: A use of externally-controlled format string vulnerability in FortiOS command line interface ma...
Remote Code Execution
WordPress is vulnerable to Remote Code Execution RCE. The vulnerability is due to a defect in the Plugins - Add New - Upload plugin functionality where uploaded file other than a zip file remains temporary available in the Media Library despite being not allowed during FTP upload when that file i...
BIT-WORDPRESS-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-31210 PHP file upload bypass via Plugin installer
WordPress is an open publishing platform for the Web. It's possible for a file of a type other than a zip file to be submitted as a new plugin by an administrative user on the Plugins - Add New - Upload Plugin screen in WordPress. If FTP credentials are requested for installation in order to move...
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
CVE-2024-20332
The CVE-2024-20332 issue affects Cisco Identity Services Engine (ISE) web-based management interface. It is a server-side request forgery (SSRF) caused by improper input validation in specific HTTP requests, enabling an authenticated attacker to cause the ISE to make arbitrary network requests so...